Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-06-08 CVE-2020-8172 Improper Certificate Validation vulnerability in multiple products
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
5.8
2020-06-08 CVE-2020-7676 Cross-site Scripting vulnerability in Angularjs Angular.Js
angular.js prior to 1.8.0 allows cross site scripting.
network
low complexity
angularjs CWE-79
5.4
2020-06-08 CVE-2020-6110 Path Traversal vulnerability in Zoom 4.6.10
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets.
network
zoom CWE-22
6.8
2020-06-08 CVE-2020-6109 Path Traversal vulnerability in Zoom 4.6.10
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs.
network
low complexity
zoom CWE-22
7.5
2020-06-08 CVE-2020-4529 Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1.0
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF).
network
low complexity
ibm CWE-918
6.5
2020-06-08 CVE-2020-12773 Unspecified vulnerability in Realtek Adsl Router SOC Firmware
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.
network
low complexity
realtek
6.5
2020-06-07 CVE-2020-13912 Improper Privilege Management vulnerability in Solarwinds Advanced Monitoring Agent 10.8.8
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
6.0
2020-06-07 CVE-2020-13910 Out-of-bounds Read vulnerability in Pengutronix Barebox
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.
network
low complexity
pengutronix CWE-125
6.4
2020-06-07 CVE-2020-13909 Unspecified vulnerability in Facade Ignition
The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env.
network
low complexity
facade
7.5
2020-06-07 CVE-2020-13904 Use After Free vulnerability in multiple products
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
local
low complexity
ffmpeg canonical debian CWE-416
5.5